tomjwxf

ScopeBlind protect-mcp

by TJF · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
137 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install scopeblind-protect-mcp
Description
MCP security gateway. Wraps any MCP server with per-tool policies, Ed25519-signed decision receipts, and human approval gates. Shadow mode logs everything wi...
README (SKILL.md)

protect-mcp — MCP Security Gateway

What This Skill Does

Wraps any MCP server as a transparent stdio proxy with per-tool security policies and cryptographic audit trail. Every tool call decision is logged and optionally Ed25519-signed.

Quick Start

# Shadow mode — log everything, block nothing
npx protect-mcp -- node your-server.js

# Enforce mode — apply per-tool policies
npx protect-mcp --policy policy.json --enforce -- node your-server.js

# Initialize signing (generates Ed25519 keypair)
npx protect-mcp init

Policy Example

{
  "tools": {
    "db_write": { "decision": "deny" },
    "file_read": { "decision": "allow", "rateLimit": { "maxCalls": 30, "windowSecs": 60 } },
    "deploy": { "decision": "require_approval" }
  }
}
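
How a gateway could evaluate the policy above in shadow and enforce mode, as an added example that is not protect-mcp's own code. The policy keys come from the page; `createGate`, `defaultDecision`, the sliding-window limiter and the log entry shape are assumptions made for illustration.

```javascript
// Added illustration, not protect-mcp source. Policy keys are from the page's example;
// createGate, defaultDecision and the log entry shape are hypothetical.
const policy = {
  tools: {
    db_write: { decision: "deny" },
    file_read: { decision: "allow", rateLimit: { maxCalls: 30, windowSecs: 60 } },
    deploy: { decision: "require_approval" },
  },
};

function createGate(policy, { enforce = false, defaultDecision = "deny" } = {}) {
  const calls = new Map(); // tool -> timestamps (ms) of allowed calls in the window
  const log = [];          // every decision is recorded, in both modes

  function decide(tool, nowMs) {
    // Tool names arrive from the client: own-property lookup only, so a name
    // like "constructor" cannot resolve to something inherited from Object.
    const rule = Object.hasOwn(policy.tools, tool) ? policy.tools[tool] : null;
    if (!rule) return { decision: defaultDecision, reason: "no_rule" }; // assumed default
    if (rule.decision !== "allow" || !rule.rateLimit) {
      return { decision: rule.decision, reason: "policy" };
    }
    const { maxCalls, windowSecs } = rule.rateLimit;
    const recent = (calls.get(tool) || []).filter((t) => nowMs - t < windowSecs * 1000);
    const over = recent.length >= maxCalls;
    if (!over) recent.push(nowMs);
    calls.set(tool, recent);
    return over ? { decision: "deny", reason: "rate_limit" }
                : { decision: "allow", reason: "policy" };
  }

  return {
    log,
    check(tool, nowMs = Date.now()) {
      const verdict = decide(tool, nowMs);
      // Shadow mode records the verdict but forwards every call; enforce mode
      // forwards only "allow" (a "require_approval" call is held for a human).
      const forwarded = !enforce || verdict.decision === "allow";
      const entry = { tool, ...verdict, mode: enforce ? "enforce" : "shadow", forwarded };
      log.push(entry);
      return entry;
    },
  };
}
```

Replaying a shadow-mode log through the same gate with `enforce: true` shows which calls a policy would have stopped before it is switched on.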

Pre-built Policy Packs

protect-mcp ships CVE-anchored policy packs:

# List available policies
npx protect-mcp policies

# Apply the Clinejection prevention policy
npx protect-mcp --policy clinejection --enforce -- node your-server.js

Verify Receipts

Receipts are independently verifiable offline — no ScopeBlind dependency:

npx @veritasacta/verify receipt.json
npx @veritasacta/verify --self-test
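
What offline verification of an Ed25519-signed receipt involves, as an added example that is not the @veritasacta/verify implementation. The receipt layout (`payload` plus a base64 `signature`) and its field names are constructed for illustration; the real receipt format is not shown on this page.

```javascript
// Added illustration, not the @veritasacta/verify implementation. The receipt
// layout ({ payload, signature }) and field names are constructed for this example.
const crypto = require("node:crypto");

// Flat payloads only: sorted keys give signer and verifier identical bytes.
function canonicalBytes(payload) {
  return Buffer.from(JSON.stringify(payload, Object.keys(payload).sort()));
}

function signReceipt(payload, privateKey) {
  // Ed25519 takes no separate digest, so the algorithm argument is null.
  const signature = crypto.sign(null, canonicalBytes(payload), privateKey);
  return { payload, signature: signature.toString("base64") };
}

// Offline check: needs only the receipt and the signer's public key (PEM).
function verifyReceipt(receipt, publicKeyPem) {
  try {
    const key = crypto.createPublicKey(publicKeyPem);
    if (key.asymmetricKeyType !== "ed25519") return false; // pin the algorithm
    const sig = Buffer.from(receipt.signature, "base64");
    if (sig.length !== 64) return false; // Ed25519 signatures are 64 bytes
    return crypto.verify(null, canonicalBytes(receipt.payload), key, sig);
  } catch {
    return false; // malformed key or receipt: fail closed
  }
}

function demo() {
  const signer = crypto.generateKeyPairSync("ed25519");
  const stranger = crypto.generateKeyPairSync("ed25519");
  const pem = (k) => k.publicKey.export({ type: "spki", format: "pem" });
  const receipt = signReceipt(
    { tool: "db_write", decision: "deny", mode: "enforce", ts: "2025-01-01T00:00:00Z" },
    signer.privateKey
  );
  // Flip the logged decision after signing, as an edit to the audit log would.
  const edited = { ...receipt, payload: { ...receipt.payload, decision: "allow" } };
  return {
    genuine: verifyReceipt(receipt, pem(signer)),
    edited: verifyReceipt(edited, pem(signer)),
    wrongKey: verifyReceipt(receipt, pem(stranger)),
  };
}
```

The verifier trusts whichever public key it is given, so that key has to reach the auditor through a channel separate from the receipts themselves.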

OWASP MCP Top 10 Coverage

| Risk | Control |
|---|---|
| MCP-01 Rug Pulls | Signed tool manifests; policy pins allowed tools |
| MCP-03 Tool Poisoning | Per-tool allow/deny/rate-limit policies |
| MCP-04 Tool Arg Injection | Argument inspection + approval gates |
| MCP-07 Auth/AuthZ | Trust-tier gating |
| MCP-08 Logging & Audit | Ed25519-signed receipts — verifiable offline |
| MCP-09 Excessive Agency | Shadow mode reveals actual tool usage |


Usage Guidance
This skill appears internally consistent: it’s a CLI tool distributed via npm and the SKILL.md uses npx/npm in ways that match the description. However, installing and running third-party npm packages executes remote code and the tool will generate signing keys and write receipts to disk. Before installing:
- Verify the npm package page, maintainers, and recent release history (don’t blindly run @latest).
- Inspect the package source (npm view, GitHub repo) or run it in an isolated container or VM first.
- Prefer a specific pinned version rather than @latest to avoid supply-chain surprises.
- Find out where the tool stores private keys/receipts and protect those files (restrict filesystem permissions, back them up if needed).
- Consider running 'npx protect-mcp --help' and reviewing docs on scopeblind.com and the npm listing before global install.
If you cannot verify the package authorship or are uncomfortable granting filesystem execution rights, run the tool in an isolated environment or decline installation.
Capability Assessment
Purpose & Capability
The name/description match the runtime instructions: the SKILL.md shows how to run 'protect-mcp' via npx/npm, configure policies, and initialize signing. Declaring npx in metadata and using an npm install is proportionate to a CLI tool delivered via the npm ecosystem.
Instruction Scope
Instructions tell the agent to run npx protect-mcp commands that wrap a server process, generate Ed25519 keypairs, and write receipts; they do not ask for unrelated system files or credentials. However the SKILL.md does not specify where keys/receipts are stored or how long they persist, which is important because secrecy and local file writes are involved.
Install Mechanism
The install recommendation uses npm (npm install -g protect-mcp@latest) and runtime uses npx. This is a standard distribution mechanism for CLI tools but it does mean remotely-published code will be downloaded and executed on the host. No install tarball from a random URL is used, but npm packages can still contain arbitrary install scripts — verify the package source/maintainers before installing globally.
Credentials
The skill requests no environment variables or external credentials, which aligns with its intended local-proxy functionality. Caveat: the tool will generate and persist cryptographic keys and receipts locally (not declared as env/config paths), so consider where those secrets land and who can read them.
Persistence & Privilege
always:false (normal). The allowed-tools include Bash/Read/Write, which are necessary for running the proxy and creating keys/files. Installing the package globally (npm -g) writes to the system/npm directories and may require elevated permissions on some systems — run with care or use a container/virtualenv.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install scopeblind-protect-mcp
  3. After installation, invoke the skill by name or use /scopeblind-protect-mcp
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
scopeblind-protect-mcp 1.0.0 — Initial Release
- Wraps any MCP server as a security gateway with per-tool policies.
- Supports both shadow mode (logs all actions, does not block) and enforce mode (applies policy).
- Provides cryptographically signed (Ed25519) decision receipts for all tool calls.
- Includes human approval gates, rate-limits, and per-tool allow/deny decisioning.
- Integrates pre-built, CVE-anchored policy packs.
- Receipts are verifiable offline with no external dependency.
Metadata
Slug scopeblind-protect-mcp
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is ScopeBlind protect-mcp?

MCP security gateway. Wraps any MCP server with per-tool policies, Ed25519-signed decision receipts, and human approval gates. Shadow mode logs everything wi... It is an AI Agent Skill for Claude Code / OpenClaw, with 137 downloads so far.

How do I install ScopeBlind protect-mcp?

Run "/install scopeblind-protect-mcp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ScopeBlind protect-mcp free?

Yes, ScopeBlind protect-mcp is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ScopeBlind protect-mcp support?

ScopeBlind protect-mcp is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created ScopeBlind protect-mcp?

It is built and maintained by TJF (@tomjwxf); the current version is v1.0.0.
